我已经设置了我的邮件服务器与SMTP和Dovecot IMAP的Postfix。 而不是虚拟用户,我只是倾听来自Server Fault的人的build议,并与Linux用户一起。 我使用RainLoop作为networking邮件服务。 我configuration了SPF,为了让我的电子邮件到达其他提供者,我必须使用身份validation。
所以我(试图)设置TLS来处理我使用Let's Encrypt客户端获得的SSL证书。 以下是我的main.cf文件:
# domain name and public server ip are replaced with mydomain.co.il and 127.0.0.1 # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.co.il/cert.pem smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.co.il/privkey.pem smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_received_header = yes smtpd_tls_security_level = may smtp_tls_security_level = may smtp_tls_loglevel = 1 smtpd_tls_loglevel = 1 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = mail.mydomain.co.il alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases transport_maps = hash:/etc/postfix/transport myorigin = mydomain.co.il mydestination = mail.mydomain.co.il, localhost.mydomain.co.il, localhost, hash:/etc/postfix/transport relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.10.0/24 127.0.0.1 # last one is the server's public ip mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all inet_protocols = all mime_header_checks = regexp:/etc/postfix/header_checks header_checks = regexp:/etc/postfix/header_checks
以下是我的master.cf文件:
# # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master" or # on-line: http://www.postfix.org/master.5.html). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - y - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd # -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - y - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions= # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - y - - qmqpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - nn - - local virtual unix - nn - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - nn - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. # # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - nn - - pipe # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # Old example of delivery via Cyrus. # #old-cyrus unix - nn - - pipe # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # uucp unix - nn - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - nn - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - nn - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - nn - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - nn - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
我基本上只是启用了sumbission 。
RainLoop连接到我的IMAP服务器和SMTP服务器:
RainLoop截图
只要“使用validation”被禁用,或者如果我使用PHP mail(); function,我可以发送电子邮件,并在任何地方接收。 他们被标记为垃圾邮件,所以我想我需要启用身份validation,但如果我这样做; 我无法发送电子邮件,这是从我的mail.log文件:
# i replaced my server's public ip address with 127.0.0.1 Jun 23 05:14:57 mailserver dovecot: imap-login: Login: user=<shavit>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=16305, TLS, session=<QVtwdek15swlOzfP> Jun 23 05:14:57 mailserver postfix/smtpd[16306]: connect from mydomain.co.il[127.0.0.1] Jun 23 05:14:57 mailserver postfix/smtpd[16306]: Anonymous TLS connection established from mydomain.co.il[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) Jun 23 05:14:57 mailserver postfix/smtpd[16306]: warning: mydomain.co.il[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure Jun 23 05:14:57 mailserver postfix/smtpd[16306]: disconnect from mydomain.co.il[127.0.0.1] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5 Jun 23 05:14:57 mailserver dovecot: imap(shavit): Logged out in=11 out=401 Jun 23 05:14:57 mailserver dovecot: imap-login: Login: user=<shavit>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=16310, TLS, session=<BsR2dek16MwlOzfP> Jun 23 05:14:57 mailserver dovecot: imap(shavit): Logged out in=90 out=884
我的SSL证书是有效的; 我使用nginx的5个虚拟主机在同一个域下,他们都工作,所以这个选项可以消除。
我做错了什么,或者; 我将如何解决它? 帮助将不胜感激!
TLSconfiguration可能是一个红鲱鱼。 SASL CRAM-MD5是非典型的。 也许你想要SASL PLAIN或SASL LOGIN 。 由于您正在使用dovecot进行IMAP,因此您可能还想使用dovecot的sasl提供程序进行postfix。 http://www.postfix.org/SASL_README.html#server_dovecot